API Terms of Service
If you have found yourself on this page, it is because you are interested in building software that helps the Medicaid beneficiaries in the North Carolina access their healthcare data. Thank you. Please read our Application Programming Interface (API) Terms of Service carefully.
Scope
By accessing or using the North Carolina Department of Health and Human Services (NCDHHS) APIs and other developer services (collectively, APIs), you are agreeing to the terms below, any relevant sections of the North Carolina Privacy Policies, and the nc.gov Terms and Conditions (collectively, Terms).
Data Rights and Usage
Accounts/Registration
When using the APIs, you must ensure you have proper authority if representing an organization, as all terms will bind both you and your entity. The registration process requires accurate identification and contact information, which must be kept current to receive important updates about API changes. Your developer credentials, including passwords and tokens, are strictly personal and must be kept confidential - they cannot be shared or embedded in open source projects. Access to the APIs is only permitted through officially documented methods, and NCDHHS reserves the right to revoke credentials if they detect inappropriate use. For those granted production credentials, these can only be used with applications that have passed NCDHHS review process. Using production credentials with unapproved applications is prohibited and may result in access revocation. These measures ensure secure and appropriate use of the API system.
Activities and Purposes
You may use the APIs to develop a service to search, display, analyze, retrieve, view and otherwise obtain certain information or data about Medicaid beneficiaries from NCDHHS, specifically, Medicaid Fee-for-Service claims data.
Privacy
All Medicaid beneficiary data accessed through the APIs is protected by strict federal privacy laws, including the Privacy Act of 1974 and HIPAA. These rules emphasize the responsibility that comes with accessing healthcare data and the importance of maintaining patient privacy and data security at all times. When handling this sensitive information, you must follow all federal and state laws regarding data protection and disclosure. The key rule is simple: you cannot share any individuals information with anyone else - whether other people or organizations - unless you have received explicit permission from that individual or their authorized representative. This rule applies to all personal records as defined by the Privacy Act. Additionally, theres a strict prohibition against requesting or using any Medicaid beneficiary's login credentials.
Attribution
When you incorporate API materials - whether its data, code, documentation, or other content - you must give proper credit. Every application using these APIs must display this specific disclaimer prominently: This product uses the APIs but is not endorsed or certified by the North Carolina Department of Health and Human Services, Centers for Medicaid Services, or the U.S. Department of Health and Human Services. While you are allowed to use NCDHHS name or logo to show where your API content comes from, you cannot use them in any way that suggests NCDHHS endorses your product, service, or organization - whether it is a commercial business, non-profit, or any other type of entity.
Service Management
Right to Limit
NCDHHS sets limits on how you can access and use the APIs to ensure fair usage and prevent system overload. These restrictions can be changed at any time without warning if NCDHHS deems it necessary. If NCDHHS suspects you are trying to bypass these limits, they may block your access - either temporarily or permanently. Additionally, NCDHHS monitors how you use the APIs for two main purposes: to make their service better and to make sure you are following these rules. Think of it like traffic control - there are speed limits and monitoring to keep everything running smoothly and safely for everyone.
Service Termination
You can end your agreement with these terms simply by stopping your use of the APIs. NCDHHS has two key rights: it can refuse service if you violate their policies, and it can deny or end your access to some or all of the APIs if it believes it is necessary to prevent abuse. If your access is blocked, you can appeal to NCDHHS through their support email to get it restored. NCDHHS will consider reinstating your access if it determines that the original reasons for blocking you no longer exist. However, it has complete discretion in making this decision. Important to note: even if the agreement ends, all the terms remain in effect.
Liability
Disclaimer of Warranties
The NCDHHS API platform comes without any guarantees - you get it exactly as it is and only when it is available. Although NCDHHS strives to maintain consistent service and functionality, it explicitly rejects all types of warranties, whether they are stated directly or implied. This includes, but is not limited to, warranties about the platform being suitable for sale (merchantability), fit for specific uses, or free from intellectual property infringement. NCDHHS makes no promises that the data will be perfect or error-free, nor does it guarantee that you will have uninterrupted or continuous access to the service. While NCDHHS will do its best to keep everything running smoothly, users need to understand and accept that the service comes with no formal assurances about its performance or reliability.
Limitations on Liability
Under this agreement, NCDHHS, Center for Medicare and Medicaid Services (CMS), and the U.S. Department of Health and Human Services (HHS) explicitly limit their legal liability regardless of whether claims arise from contract law, negligence, strict liability, or any other legal or equitable grounds. This means they will not be held financially responsible for any special, incidental, or consequential damages that may occur. Additionally, they will not cover any expenses you might incur in finding alternative products or services, nor will they be liable for any interruptions in service or instances where your data becomes lost or corrupted. This comprehensive limitation of liability applies across all aspects of the API service, and users bear the responsibility for any losses or damages that occur during their use of the system.
Disputes, Choice of Law, Venue, and Conflicts
Any legal issues related to this agreement or your use of APIs will be handled under United States federal and North Carolina state law, including any regulations set by NCDHHS, or their related agencies. These laws apply regardless of any conflicts with other legal jurisdictions. By agreeing to these terms, you accept that Federal Courts have the authority to handle any disputes, and you give up the right to claim that these courts are inappropriate or inconvenient for your case. Forum shall be in the Administrative, District, or Superior Courts of Wake County, North Carolina, where all matters, whether sounding in contract or tort, relating to the validity, construction, interpretation, and enforcement shall be determined. Some specific APIs might have their own special terms. When there is a conflict between these general terms and any API-specific terms, the specific APIs terms will take priority.
Indemnification
You agree to indemnify and hold harmless HHS and CMS, including NCDHHS, its contractors, employees, agents, and the like, from and against any and all claims and expenses, including attorney's fees, arising out of your use of the APIs, including but not limited to violation of these Terms.
No Waiver of Rights
NCDHHS failure to exercise or enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
Framework
When using the APIs, you must operate within a comprehensive data protection framework that prioritizes user rights and responsible data management. This framework demands full transparency about data collection systems and their purposes, ensuring the public is aware of how beneficiary information is being used. Personal data collection must be conducted legally and fairly, with proper consent from beneficiaries or legal authorization. The use of this data is strictly limited to the specified purposes outlined during collection, and external sharing requires explicit beneficiary consent or legal permission. The framework emphasizes individual rights, ensuring beneficiaries can access and correct their personal information when technically possible. Robust security measures must be implemented to protect against various risks including unauthorized access, loss, or misuse of data. Additionally, all collected data must maintain high quality standards - being accurate, complete, timely, and relevant to its intended purpose. Finally, record keepers bear the responsibility of ensuring compliance with these fair information practices, unless otherwise specified by applicable laws or previous terms.